Miscellaneous

Configuring your SSL certificates

To communicate with the New Relic collector over HTTPS, you need to have the proper certificates for trusted signers in the trust store on your app server. There are two ways to do this:

Use YAML-based configuration.

Add the bundled list of New Relic trusted signers to the local store.

Using YAML-based configuration

The New Relic Java agent bundles the list of trusted signers in the agent .jar file. If you do not want to change the local trust store, you can activate them by setting use_private_ssl to true in the newrelic.yml agent configuration file.

Adding New Relic trusted signers to the local store

You can also add the bundled list of trusted signers to your local trust store. The default location for the local trust store is $JAVA_HOME/jre/lib/security/cacerts. To override this location, set the javax.net.ssl.truststore property in your launch command to the target location.

To add the bundled list of trusted signers to your local trust store:

Make a backup copy of your trust store:

% cp /path/to/truststore /path/to/truststore.orig

Extract the New Relic trust store from the agent jar:

% jar xvf /path/to/newrelic.jar nrcerts

If you are prompted for a password during this step, leave the password space blank and confirm.